Who am I? 

CyberSecurity researcher at the Idaho 
National Lab 

Professional hacker who specializes in 
critical infrastructure 



Who am I not? 

BSD/IP-Sec Rootkit Jason 

- He's JLW and I'm JWL 

- Sits across the hall from me 

No matter how much the press thinks we 
wrote Stuxnet, we didn't 

- (If we wrote it, it would have been awesome) 



Agenda 



Hacking SCADA 101 (5-10 minutes) 

- Anyone that's heard me speak in the past will 
be bored (coffee time?) 

Invading field equipment 

- Firmware compression 

- Pretty high level stuff 

Embedded Forensics 

- Assembly language warnings 



Attack 

(diagram of the attack lifecycle) 

Access -> Discovery -> Control -> Damage -> Cleanup 



Normal Control 



Control is usually the easiest part of 
hacking control systems 

Field equipment takes any properly 
formatted command 

- Send bytes to a computer and stuff happens 
in the real world 



Normal Control 

Attacker: "turn the burner on full blast" 
Field Equipment: "Yeah, right buddy" 



When is invading necessary? 

When the safety of the process is enforced by 
the field equipment itself 

When a long-term, stealthy rootkit is required 

When sub-second control of field equipment is 
required 

- Maybe for some covert VFD control?? 

When the attacker starts via a wireless link and 
hacks upstream 



Safety Systems 

Safety systems are a separate control 
system designed as a watchdog for the 
primary control system 

In some industries, such as nuclear, they 
can be completely disconnected from it 
Hacking Embedded Systems 



Modern embedded systems are mostly 
microcontrollers chained together with 
serial lines 
- SPI 

- I2C 

- CAN bus 

- RS-232 



Example Smart Meter 

(picture omitted) 

(This isn't a real picture so please don't send me hate mail) 



Example Smart Meter 

(See!!!!!!, picture of circuit board removed. Haters, you know who you are.) 



Attacker Problems 

In order to perform forensics on a 
compromised embedded system, the 
analyst needs to understand the problems 
the attacker must overcome 

This knowledge isn't really covered in the 
current literature 



Let's hack like it's 1999 

Lack of a kernel 

No memory protection 

No virtual address space means no 
address space randomization 

VxWorks, Phar Lap, Green Hills, eCos : 

- Not really an "operating system" in the 
computer science-y definition 



Problems: Reboot-y-ness 

Embedded systems mantra "If all else 
fails, reboot yourself" 

Watchdog Timers 

Common Reset Lines 

The attacker must not let the victim reboot 
during exploitation 



Common Reset Lines 

(photo: reset pin) 

"Dave, I'm invoking the suicide pact" 



Rewriting From scratch 

I've tried to rewrite firmware from scratch 

I don't think this is possible even with an 
almost unlimited budget 

-The new firmware never quite behaves like 
the original 

- Embedded engineers don't fix bugs as much 
as work around them 

In most cases attackers must modify and 
not rewrite 



Problems: Firmware Patches 

How do I give my rootkit CPU cycles? 

- Vector Tables 

- Hooking the Main Loop 



Vector Tables 

In most microcontrollers the Vector table is 
mapped at the top or bottom of memory 



0x0000 Reset 

0x0002 Timer Tick 

0x0004 Math Exception 

0x0008 PortA 
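The two problems above interact: the easiest place to take CPU cycles is the timer-tick vector, but on most small targets that same interrupt is what services the watchdog, so a hook that does not chain to the original handler reboots the device (Reboot-y-ness) and a RAM-resident hook is gone after the reset. The simulation below is an added example, not code from the talk; the four-entry vector layout, the three-tick watchdog and the handler names are hypothetical.

```c
/* Added example (not from the slides): a simulated microcontroller with a
 * four-entry vector table and a watchdog serviced by the timer-tick handler.
 * The rootkit steals cycles by replacing the Timer Tick vector. Layout,
 * timeout and handler names are hypothetical. */
#include <stdio.h>

typedef void (*isr_t)(void);

enum { VEC_RESET, VEC_TIMER, VEC_MATH, VEC_PORTA, VEC_COUNT };
#define WATCHDOG_TIMEOUT 3          /* ticks tolerated without a kick */

static isr_t vector_table[VEC_COUNT];   /* the slides' table at 0x0000 */
static unsigned watchdog_budget;
static unsigned resets, rootkit_runs, legit_runs;
static isr_t saved_timer_isr;           /* original handler, kept for chaining */

static void kick_watchdog(void) { watchdog_budget = WATCHDOG_TIMEOUT; }

/* Firmware timer handler: control-loop work, then kick the dog. */
static void timer_tick_handler(void) { legit_runs++; kick_watchdog(); }
static void math_exception_handler(void) { }
static void porta_handler(void) { }

/* Reset re-installs the vector table from "flash": a RAM-only hook is lost. */
static void reset_handler(void)
{
    resets++;
    vector_table[VEC_RESET] = reset_handler;
    vector_table[VEC_TIMER] = timer_tick_handler;
    vector_table[VEC_MATH]  = math_exception_handler;
    vector_table[VEC_PORTA] = porta_handler;
    kick_watchdog();
}

/* Hardware: deliver one timer interrupt, then let the watchdog count down. */
static void simulate_tick(void)
{
    vector_table[VEC_TIMER]();
    if (--watchdog_budget == 0)
        vector_table[VEC_RESET]();      /* "if all else fails, reboot yourself" */
}

/* Greedy hook: takes the vector outright. Its payload runs, but the original
 * handler (and the kick) never does, so the device reboots and evicts it. */
static void greedy_rootkit_isr(void) { rootkit_runs++; }

/* Chaining hook: run the payload, then jump to the saved handler so every
 * artifact of normal operation survives, including the watchdog kick. */
static void chaining_rootkit_isr(void) { rootkit_runs++; saved_timer_isr(); }

static void install_timer_hook(isr_t hook)
{
    saved_timer_isr = vector_table[VEC_TIMER];
    vector_table[VEC_TIMER] = hook;
}

/* Boot, optionally install a hook, run `ticks` interrupts; return reset count. */
unsigned run_scenario(isr_t hook, unsigned ticks)
{
    reset_handler();                    /* power-on */
    resets = rootkit_runs = legit_runs = 0;
    if (hook) install_timer_hook(hook);
    for (unsigned i = 0; i < ticks; i++) simulate_tick();
    return resets;
}
unsigned rootkit_run_count(void) { return rootkit_runs; }
unsigned legit_run_count(void)   { return legit_runs; }

int main(void)
{
    unsigned r = run_scenario(greedy_rootkit_isr, 10);
    printf("greedy:   resets=%u rootkit=%u legit=%u\n", r, rootkit_runs, legit_runs);
    r = run_scenario(chaining_rootkit_isr, 10);
    printf("chaining: resets=%u rootkit=%u legit=%u\n", r, rootkit_runs, legit_runs);
    return 0;
}
```

With the greedy hook the payload runs three times, the watchdog fires, the reset re-installs the vector table and the rootkit is gone; with the chaining hook both the payload and the original handler run on every tick and the device never reboots. Hooking the main loop instead of a vector works the same way: the patched code has to fall through to whatever the original loop did.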
Problems: Inter-Micro 
Communications 

Writing shellcode for serial connections is just like writing 
findsock shellcode 

Serial ports are opened via an open() call 

File descriptor equivalents may be walked to find the 
serial port 

UARTS can be accessed via memory-mapped I/O 



Inter-Micro Communications 

(diagram) I want to control this pin 



Exploiting Serial Connections 

There's a problem 

If the attacker takes over the serial connection, the serial 
port doesn't perform its normal function 

- See Reboot-y-ness 

The purpose of a serial connection must be preserved 
for long-term control 



Exploiting Serial Connections 

Original messages must be tunneled over the new rootkit 
protocol 



Communications Protocol 

(diagram) 



Protocol Interleaving 

(diagram) 



Communications Protocols 

Rudimentary control channel (a powerful attacker could do better) 

Legitimate message: 

16 17         Magic 
00 12         Length 
04            Message Type 
00 04         Data Blob Length 
01 02 03 04   Data Blob 

Attacker message: 

16 17         Magic 
00 12         Length 
FF            Attacker Message 
00 06         Data Blob Length 
"reboot"      Data Blob 



Communications Protocols 

• Certain artifacts must be maintained 

- Otherwise reboot/reinitialize/error 

• If the attacker doesn't want to spend every waking 
moment re-coding communications channels, he'll need 
something that can be used in multiple protocols 


Communications Protocols 

Redundancy coding can preserve the artifacts of the 
serial protocol while supplying arbitrary data in an 
efficient manner 

Complex algorithms don't bulk up the rootkit 




16 17         Magic              } 
00 12         Length             } must be preserved 
04            Message Type       } 
00 04         Data Blob Length   } 
01 02 03 04   Data Blob          <- attacker usable 









Communications Protocols 

Message + Offsets -> Coding 

Coding schemes make detection by analyzers or 
heuristic IDSs unlikely 
Where do I put the rootkit? 



Most vendors see extra flash as wasted revenue 

That flash could have been used for a feature that would 
have sold more units 

Feature creep 

- Why do I need a web server on my NIC? 



Where do I put my rootkit? 

Basic - Dump functionality 

Intermediate - Point Optimizations and 
Compression Sleds 

Advanced - Refactoring the Firmware 

Slaving a microcontroller 



Basic Approach 

The attacker can dump functionality 

Little-used functions can be replaced with the rootkit 
Basic Approach 



Attacker can replace human-only data 

- String tables 

- images 





Intermediate Approach 
Local Compression 

Optimizers do a poor job of inter-function optimization 

- Since the assembly is poorly optimized, gaps can be 
created in the image while preserving total 
functionality 



Intermediate Approach 

Function Tailing - A simple inter-function optimization 

(figure: two functions sharing a common tail) 

    Call sprintf 
    Add esp, 0xc 

    Push eax 
    Call ProcessMessage 
    Mov [ecx], eax 

http://en.wikipedia.org/wiki/Tail_call 



Intermediate Approach 

Greatest common size match 
- Room for computer-science-y algorithms 

Function A          Function B          Function A after factoring 
Mov r1, 5           Mov r1, 5           Call CommonCode 
Mov r2, r3          Mov r2, r3          Mov [r6], r6 
Cmp r2, r4          Cmp r2, r4          Mul r6, 4, r6 
Bne loop            Bne loop 
Add r4, 1           Add r4, 1 
Mov [r6], r6        Sub r5, 1 
Mul r6, 4, r6       Call DoSomething 



Intermediate Approach 



The compression leaves an image that looks like swiss 
cheese 

- Can the attacker take advantage of this? 
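The "greatest common size match" step above is a longest-common-substring problem over instruction streams: find the longest run that two functions share, hoist it into a subroutine, and replace both copies with a call. The program below is an added example, not code from the talk; it uses the slides' Function A and Function B as text tokens and assumes a fixed 4-byte instruction encoding for the byte accounting. It also adds the check a practitioner wants before trusting the gap: a relative branch inside the run ("Bne loop" in the slides' example) would leave CommonCode without returning, so runs containing such branches need their targets retargeted or must be split.

```c
/* Added example (not the slides' code): greatest common contiguous run of
 * instructions between two functions, factored into CommonCode. Fixed 4-byte
 * instruction encoding assumed; the two functions are the slides' A and B. */
#include <stdio.h>
#include <string.h>

#define MAX_INSNS 32
#define INSN_BYTES 4                    /* assumed fixed-width encoding */

const char *const FUNC_A[] = { "Mov r1, 5", "Mov r2, r3", "Cmp r2, r4", "Bne loop",
                               "Add r4, 1", "Mov [r6], r6", "Mul r6, 4, r6" };
const char *const FUNC_B[] = { "Mov r1, 5", "Mov r2, r3", "Cmp r2, r4", "Bne loop",
                               "Add r4, 1", "Sub r5, 1", "Call DoSomething" };
enum { NA = 7, NB = 7 };

struct match { int a_start, b_start, len; };

/* Longest common substring over instruction equality: O(na*nb) DP. */
struct match longest_common_run(const char *const *a, int na,
                                const char *const *b, int nb)
{
    static int dp[MAX_INSNS + 1][MAX_INSNS + 1];
    struct match best = { 0, 0, 0 };
    memset(dp, 0, sizeof dp);
    for (int i = 1; i <= na; i++)
        for (int j = 1; j <= nb; j++) {
            if (strcmp(a[i - 1], b[j - 1]) != 0) { dp[i][j] = 0; continue; }
            dp[i][j] = dp[i - 1][j - 1] + 1;
            if (dp[i][j] > best.len) {
                best.len = dp[i][j];
                best.a_start = i - dp[i][j];
                best.b_start = j - dp[i][j];
            }
        }
    return best;
}

/* Gap created: both copies shrink to one call, the shared body gains a return.
 * Negative means the sled costs more bytes than it frees. */
int bytes_freed(struct match m)
{
    int before = 2 * m.len * INSN_BYTES;
    int after  = 2 * INSN_BYTES + (m.len + 1) * INSN_BYTES;
    return before - after;
}

/* A branch inside the run ("Bne loop") would exit CommonCode without
 * returning. Count ARM-style Bxx (not Bl) instructions that need retargeting. */
int branches_needing_fixup(const char *const *f, int start, int len)
{
    int n = 0;
    for (int i = start; i < start + len; i++)
        if (f[i][0] == 'B' && strncmp(f[i], "Bl", 2) != 0) n++;
    return n;
}

/* Emit a function with the run replaced by "Call CommonCode". Returns count. */
int factor_function(const char *const *f, int n, int start, int len,
                    const char **out)
{
    int k = 0;
    for (int i = 0; i < start; i++) out[k++] = f[i];
    out[k++] = "Call CommonCode";
    for (int i = start + len; i < n; i++) out[k++] = f[i];
    return k;
}

const char *FACTORED_A[MAX_INSNS], *FACTORED_B[MAX_INSNS];

int main(void)
{
    struct match m = longest_common_run(FUNC_A, NA, FUNC_B, NB);
    int ka = factor_function(FUNC_A, NA, m.a_start, m.len, FACTORED_A);
    int kb = factor_function(FUNC_B, NB, m.b_start, m.len, FACTORED_B);
    printf("common run: %d insns, frees %d bytes, %d branch(es) need fixup\n",
           m.len, bytes_freed(m), branches_needing_fixup(FUNC_A, m.a_start, m.len));
    printf("CommonCode:\n");
    for (int i = 0; i < m.len; i++) printf("  %s\n", FUNC_A[m.a_start + i]);
    printf("  Ret\nFunction A:\n");
    for (int i = 0; i < ka; i++) printf("  %s\n", FACTORED_A[i]);
    printf("Function B:\n");
    for (int i = 0; i < kb; i++) printf("  %s\n", FACTORED_B[i]);
    return 0;
}
```

On the slides' input the shared run is five instructions, factoring frees 8 bytes under the assumed encoding, Function A becomes the three-instruction body shown on the slide, and one branch ("Bne loop") is flagged for fixup. Running the same search across every pair of functions in an image, and repeating it, is what produces the "swiss cheese" the slide refers to.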
Slaving the microcontroller 

For the lazy and unskilled 

If two microcontrollers are connected and 
the one needed for control doesn't have 
enough space, it can be lobotomized and 
run from an adjacent microcontroller 

This approach works well in motherboard 
rootkits 

(diagram) Big Beefy Micro --"Turn Pin 7 on"--> Little Micro 

(diagram) USB Processor (4k Flash) next to Main Processor (32k Flash) 



Advanced Approach 
Refactoring Firmware 




Advanced approach 

Instructions can be decomposed into micro-operations 

- Must describe all the side effects of the assembly 
(flags, memory, stack pointer) 

Micro-op stream can be optimized independent of 
assembly 

Referred to as binary refactoring 

Binary -> micro-ops -> Binary 

- Preserves functionality, provided the micro-op model 
captures every side effect 



Micro-Ops 

"push eax" is a complex operation 
composed of two micro-operations: 
ESP := ESP - 4, then [ESP] := EAX 



Syntax Graphs 

Micro-ops can be assembled into a syntax 
graph 

(figure: syntax graph for LDR.W R12, =( libc_csu_fini+1 )) 



Optimization 

Greatest Repeated Common Subtree (NP Hard) 



Cloud Rootkits 

Virtual Hardware Fuzzer + Ethernet NIC 
rootkit = Cloud rootkit 

Way easier than it should be 



Forensics 

• OK, problem laid out, now on to forensics 

• Someone hands you a device and says 
"What did the bad people do to me?" 

Analyst: "Do you have the firmware from 10 years ago?" 
while (patience--) { 
    Vendor: "You need to upgrade to v5.1.4.3.2" 
    Analyst: "I'm doing forensics and need all versions from 2002" 
    Vendor: "I'll ask someone" 
    sleep(2 days) 
} 



Getting the firmware 
Binary Normal Form 



Since you don't have a copy of the original 
firmware for BinDiff how can you go about 
quickly spotting the rootkit functions? 

Each revision of each compiler performs 
different optimizations 

The chances of the attacker using the 
exact same compiler are very small 



Binary Normal Form 

Instruction              Normal form 

XOR ECX, ECX             ECX := 0 

Add R0, #0               NOP 

SHL R0, #0               NOP 

Mov [ESP], 0x44          push 0x44 






Example Functions 

(Two disassembly graphs of the same function built by different compilers; 
only fragments survive extraction.) 

Build 1 (string copied from a string table): 

    cmp     [ebp+arg_0], 3 
    jle     short loc_1F86 
    mov     dword ptr [esp+8], 6         ; size_t 
    lea     eax, (aThree - 1EC5h)[ebx]   ; "Three" 
    mov     [esp+4], eax                 ; void * 
    lea     eax, [ebp+var_40C] 
    mov     [esp], eax                   ; void * 
    call    memcpy 
    jmp     short loc_1F26 

Build 2 (string inlined as immediates): 

    mov     [ebp+var_C], eax 
    xor     eax, eax 
    cmp     [ebp+arg_0], 3 
    jle     short loc_1F3F 
    mov     dword ptr [ebp+var_40C], 65726854h   ; "Thre" 
    mov     [ebp+var_4B8], 65h                   ; "e" 
    jmp     short loc_1F5B 
Variance 

Compilers apply the same optimization to 
all the code 

Exception: emit blocks 

When converting to binary normal form, 
variances can be noted and assigned 
colors or tags 



Variance 

(diagram) 



Variance 

Both examples produce the same graph 

-They should since they came from the same 
source code 

- We can note each variance and assign it a 
value or color 

- Sorting functions by variance reveals the 
rootkit 
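The two ideas on the last several slides, a normal form in which both compilations of one source look the same, and a variance count that records which idiom each function used to reach that form, can be run over a whole image with a small table of rules. The program below is an added example, not code from the talk. It implements the four rules on the Binary Normal Form slide plus the plain instruction each maps to, records the idiom per canonical operation, takes the majority idiom across the image as the vendor compiler's habit, and ranks functions by how many of their canonical operations used a minority idiom. The four functions are constructed: three vendor functions and one foreign function that has the same normal form as the first but was emitted by a compiler with different habits.

```c
/* Added example (not from the talk): binary normal form with idiom tracking,
 * then functions ranked by variance from the image's majority idioms. Rules
 * are the slides' four plus their plain forms; the four functions are
 * constructed, and sub_10C0 stands in for a rootkit from another compiler. */
#include <stdio.h>
#include <string.h>

enum canon { C_OTHER, C_ZERO_REG, C_NOP, C_PUSH_IMM, C_COUNT };
enum idiom { I_NONE, I_ZERO_XOR, I_ZERO_MOV, I_NOP_NOP, I_NOP_ADD0, I_NOP_SHL0,
             I_PUSH_PUSH, I_PUSH_MOVESP, I_COUNT };

struct insn { const char *mnem, *op1, *op2; };     /* "" for absent operands */
struct norm { enum canon canon; enum idiom idiom; const char *arg; };
struct func { const char *name; const struct insn *code; int n; };

static int is_zero_imm(const char *s) { return !strcmp(s, "0") || !strcmp(s, "#0"); }

/* Normalization rules from the slides, plus the plain form of each. */
struct norm normalize(const struct insn *in)
{
    struct norm n = { C_OTHER, I_NONE, "" };
    if (!strcmp(in->mnem, "xor") && !strcmp(in->op1, in->op2)) {       /* XOR ECX,ECX -> ECX:=0 */
        n.canon = C_ZERO_REG; n.idiom = I_ZERO_XOR; n.arg = in->op1;
    } else if (!strcmp(in->mnem, "mov") && in->op1[0] != '[' && is_zero_imm(in->op2)) {
        n.canon = C_ZERO_REG; n.idiom = I_ZERO_MOV; n.arg = in->op1;
    } else if (!strcmp(in->mnem, "nop")) {
        n.canon = C_NOP; n.idiom = I_NOP_NOP;
    } else if (!strcmp(in->mnem, "add") && is_zero_imm(in->op2)) {     /* ADD R0,#0 -> NOP */
        n.canon = C_NOP; n.idiom = I_NOP_ADD0;
    } else if ((!strcmp(in->mnem, "shl") || !strcmp(in->mnem, "lsl")) && is_zero_imm(in->op2)) {
        n.canon = C_NOP; n.idiom = I_NOP_SHL0;                          /* SHL R0,#0 -> NOP */
    } else if (!strcmp(in->mnem, "push")) {
        n.canon = C_PUSH_IMM; n.idiom = I_PUSH_PUSH; n.arg = in->op1;
    } else if (!strcmp(in->mnem, "mov") && !strcmp(in->op1, "[esp]")) { /* MOV [ESP],x -> push x */
        n.canon = C_PUSH_IMM; n.idiom = I_PUSH_MOVESP; n.arg = in->op2;
    }
    return n;
}

/* Same normal form: canonical streams agree (the slides' "same graph"). */
int same_normal_form(const struct func *a, const struct func *b)
{
    if (a->n != b->n) return 0;
    for (int i = 0; i < a->n; i++) {
        struct norm x = normalize(&a->code[i]), y = normalize(&b->code[i]);
        if (x.canon != y.canon) return 0;
        if (x.canon == C_OTHER) {
            const struct insn *p = &a->code[i], *q = &b->code[i];
            if (strcmp(p->mnem, q->mnem) || strcmp(p->op1, q->op1) || strcmp(p->op2, q->op2)) return 0;
        } else if (strcmp(x.arg, y.arg)) return 0;
    }
    return 1;
}

/* The idiom most of the image uses for each canonical op. */
static void majority_idioms(const struct func *fs, int nf, enum idiom major[C_COUNT])
{
    int tally[C_COUNT][I_COUNT] = { { 0 } };
    for (int f = 0; f < nf; f++)
        for (int i = 0; i < fs[f].n; i++) {
            struct norm x = normalize(&fs[f].code[i]);
            if (x.canon != C_OTHER) tally[x.canon][x.idiom]++;
        }
    for (int c = 0; c < C_COUNT; c++) {
        major[c] = I_NONE;
        for (int d = 1; d < I_COUNT; d++)
            if (tally[c][d] > tally[c][major[c]]) major[c] = (enum idiom)d;
    }
}

/* Variance of one function: canonical ops emitted with a minority idiom. */
int variance_of(const struct func *fs, int nf, int which)
{
    enum idiom major[C_COUNT];
    int v = 0;
    majority_idioms(fs, nf, major);
    for (int i = 0; i < fs[which].n; i++) {
        struct norm x = normalize(&fs[which].code[i]);
        if (x.canon != C_OTHER && x.idiom != major[x.canon]) v++;
    }
    return v;
}

/* Index of the function that deviates most: the first place to look. */
int most_variant(const struct func *fs, int nf)
{
    int best = 0;
    for (int f = 1; f < nf; f++)
        if (variance_of(fs, nf, f) > variance_of(fs, nf, best)) best = f;
    return best;
}

/* Constructed image: three vendor functions and one foreign one. */
static const struct insn A_CODE[] = { {"xor","eax","eax"}, {"push","0x44",""}, {"call","foo",""}, {"ret","",""} };
static const struct insn B_CODE[] = { {"xor","ecx","ecx"}, {"push","0x10",""}, {"push","0x20",""}, {"call","bar",""}, {"ret","",""} };
static const struct insn C_CODE[] = { {"mov","eax","[ebp+8]"}, {"xor","edx","edx"}, {"add","eax","0"}, {"ret","",""} };
static const struct insn R_CODE[] = { {"mov","eax","0"}, {"mov","[esp]","0x44"}, {"call","foo",""}, {"ret","",""} };
const struct func FUNCS[] = { {"sub_1000", A_CODE, 4}, {"sub_1040", B_CODE, 5},
                              {"sub_1080", C_CODE, 4}, {"sub_10C0", R_CODE, 4} };
enum { NFUNCS = 4 };

int main(void)
{
    for (int f = 0; f < NFUNCS; f++)
        printf("%s variance=%d\n", FUNCS[f].name, variance_of(FUNCS, NFUNCS, f));
    printf("same normal form (sub_1000, sub_10C0): %d; most variant: %s\n",
           same_normal_form(&FUNCS[0], &FUNCS[3]), FUNCS[most_variant(FUNCS, NFUNCS)].name);
    return 0;
}
```

sub_1000 and sub_10C0 normalize to the same stream, so a diff of normal forms would not separate them; the variance count does, because sub_10C0 zeroes registers with `mov` and pushes with `mov [esp]` where everything else in the image uses `xor` and `push`. In a real image the rule table is much longer and the majority is computed per canonical operation exactly as here, which is why the "emit blocks" exception matters: hand-written or intrinsic blocks also score as variant and have to be recognized before the sort is read.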



The End 

At this point, attackers are way ahead of 
the defenders 

Defenders lack the basic infrastructure to 
handle attacks against field equipment 

-You have no real way of verifying the various 
firmwares on your motherboard much less an 
embedded device 



The End 

We need to build a model of attackers in 
embedded systems 

We also need to build a toolbox that can 
find and remove them 

I believe comparison versus a binary 
normal form is a good starting point 



The End 

• As always we live in interesting times 

Jason Larsen 
Jason.larsen@inl.gov 



